package com.mulesoft.connectors.sharepoint.internal.service.security;

import com.mulesoft.connectors.sharepoint.internal.service.handler.FoundResponseHandler;
import com.mulesoft.connectors.sharepoint.internal.service.security.okta.OktaAuthApiClient;
import com.mulesoft.connectors.sharepoint.internal.service.security.okta.OktaClientConfiguration;
import com.mulesoft.connectors.sharepoint.internal.utils.ConnectorUtils;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicHeader;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.jetbrains.annotations.NotNull;
import org.mule.modules.security.microsoft.MicrosoftAuthenticationException;
import org.mule.modules.security.microsoft.adfs.AdfsAuthentication;
import org.mule.modules.security.microsoft.microsoftonline.MicrosoftOnlineAuthentication;
import org.mule.modules.security.microsoft.utils.SamlTokenUtils;
import org.mule.runtime.api.connection.ConnectionException;

/* loaded from: input_file:com/mulesoft/connectors/sharepoint/internal/service/security/LoginService.class */
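/**
 * Produces {@link HttpContext} instances carrying the authentication state for a SharePoint
 * site, one {@code login} overload per supported sign-in flow (Okta, Microsoft Online, ADFS
 * claims, a pre-issued security token, NTLM and Kerberos).
 *
 * <p>The token-based flows post the token to {@code <site>/_forms/default.aspx?wa=wsignin1.0}
 * and return a context whose cookie store was attached before that request. The NTLM and
 * Kerberos flows perform no network call here; they only attach a credentials provider.
 *
 * <p>NOTE(review): thread-safety depends on the injected {@link CloseableHttpClient}; this class
 * itself keeps no mutable state.
 */
public class LoginService {
    public static final String INVALID_OKTA_ACCOUNT = "Could not log into Sharepoint with this user. Please check your Okta account.";
    public static final String UNABLE_TO_FETCH_SHAREPOINT_INSTANCE_URL = "Unable to fetch sharepoint instance URL";
    private static final String WCTX = "wctx";
    // Minimum number of SAML arguments the Okta flow needs before it continues.
    private static final int VALID_AUTH_PAYLOAD = 2;
    // Markers that delimit the site URL inside the decoded "wctx" value.
    private static final String WREPLY_MARKER = "wreply=";
    private static final String SHAREPOINT_PAGE_MARKER = "_layouts/15/sharepoint.aspx";
    private final CloseableHttpClient httpClient;

    /**
     * @param closeableHttpClient client used for every request this service issues; it is not
     *     closed by this class
     */
    public LoginService(CloseableHttpClient closeableHttpClient) {
        this.httpClient = closeableHttpClient;
    }

    /**
     * Signs in through Okta and exchanges the resulting SAML token for a SharePoint session.
     *
     * <p>The SharePoint site URL is not supplied by the caller: it is cut out of the
     * {@code wctx} SAML argument. NOTE(review): that value decides which host receives the SAML
     * token, so a caller that knows the expected site should compare it with
     * {@link OktaLoginResult}'s URL.
     *
     * @param str first argument to {@code OktaAuthApiClient.getSAMLArguments} (presumably the
     *     Okta app / embed link; confirm against that client)
     * @param str2 first argument to {@code OktaAuthApiClient.authenticate} (presumably the
     *     username)
     * @param str3 second argument to {@code OktaAuthApiClient.authenticate} (presumably the
     *     password)
     * @param str4 first argument to {@code OktaClientConfiguration}
     * @param str5 second argument to {@code OktaClientConfiguration}
     * @return the site URL together with the authenticated HTTP context
     * @throws ConnectionException if fewer than {@value #VALID_AUTH_PAYLOAD} SAML arguments come
     *     back, the site URL cannot be extracted or parsed, or the token POST fails
     */
    public OktaLoginResult login(String str, String str2, String str3, String str4, String str5) throws ConnectionException {
        OktaAuthApiClient oktaAuthApiClient = new OktaAuthApiClient(new OktaClientConfiguration(str4, str5));
        String sessionToken = oktaAuthApiClient.authenticate(str2, str3, ConnectorUtils.EMPTY).getSessionToken();
        Map<String, String> samlArguments = oktaAuthApiClient.getSAMLArguments(str, sessionToken);
        if (samlArguments.size() < VALID_AUTH_PAYLOAD) {
            throw new ConnectionException(INVALID_OKTA_ACCOUNT);
        }
        String samlToken = oktaAuthApiClient.getSAMLToken(samlArguments);
        String siteUrl = getSiteUrlFromOkta(samlArguments.get(WCTX));
        // Parse the URL before posting so a malformed site URL is rejected without sending the token.
        URL parsedSiteUrl = convertStringToURL(siteUrl);
        return new OktaLoginResult(parsedSiteUrl, getHttpContextWithAccessToken(siteUrl, samlToken));
    }

    /**
     * Parses {@code str} as a URL.
     *
     * @throws ConnectionException wrapping the {@link MalformedURLException} when parsing fails
     */
    private URL convertStringToURL(String str) throws ConnectionException {
        try {
            return new URL(str);
        } catch (MalformedURLException e) {
            throw new ConnectionException(UNABLE_TO_FETCH_SHAREPOINT_INSTANCE_URL, e);
        }
    }

    /**
     * Extracts the SharePoint site URL from the URL-encoded {@code wctx} value: the text between
     * {@code wreply=} and {@code _layouts/15/sharepoint.aspx}.
     *
     * @param str the raw {@code wctx} SAML argument; may be {@code null} when the argument is absent
     * @return the site URL exactly as it appears between the two markers
     * @throws ConnectionException if the value is missing, cannot be decoded, or lacks a marker
     */
    private String getSiteUrlFromOkta(String str) throws ConnectionException {
        if (str == null) {
            // Map.get returns null for an absent key; fail with a connection error instead of an NPE.
            throw new ConnectionException(UNABLE_TO_FETCH_SHAREPOINT_INSTANCE_URL);
        }
        String decoded;
        try {
            decoded = URLDecoder.decode(str, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new ConnectionException(e.getMessage(), e);
        } catch (IllegalArgumentException e) {
            // URLDecoder rejects malformed percent-escapes with an unchecked exception.
            throw new ConnectionException(UNABLE_TO_FETCH_SHAREPOINT_INSTANCE_URL, e);
        }
        int markerIndex = decoded.indexOf(WREPLY_MARKER);
        if (markerIndex < 0) {
            throw new ConnectionException(UNABLE_TO_FETCH_SHAREPOINT_INSTANCE_URL);
        }
        int start = markerIndex + WREPLY_MARKER.length();
        // Search after "wreply=" so an earlier occurrence of the page marker cannot invert the range.
        int end = decoded.indexOf(SHAREPOINT_PAGE_MARKER, start);
        if (end < 0) {
            throw new ConnectionException(UNABLE_TO_FETCH_SHAREPOINT_INSTANCE_URL);
        }
        return decoded.substring(start, end);
    }

    /**
     * Returns the scheme-and-authority prefix of {@code url}, e.g. {@code https://host:8443}.
     *
     * <p>Built from the URL's components rather than by trimming the path length off the end of
     * its string form, which cut at the wrong place whenever the URL carried a query string or
     * fragment.
     */
    private static String baseUrlOf(URL url) {
        String authority = url.getAuthority();
        if (authority == null || authority.isEmpty()) {
            return url.getProtocol() + ":";
        }
        return url.getProtocol() + "://" + authority;
    }

    /**
     * Signs in against Microsoft Online and exchanges the binary security token for a
     * SharePoint session.
     *
     * @param url SharePoint URL; only its scheme and authority are used for the token POST
     * @param str first argument to {@code getSecurityTokenForSharepointOnline} (presumably the
     *     username; confirm against that API)
     * @param str2 second argument to {@code getSecurityTokenForSharepointOnline} (presumably the
     *     password)
     * @return the authenticated HTTP context
     * @throws ConnectionException if token retrieval or the token POST fails
     */
    public HttpContext login(URL url, String str, String str2) throws ConnectionException {
        try {
            String baseUrl = baseUrlOf(url);
            String tokenResponse = new MicrosoftOnlineAuthentication(this.httpClient).getSecurityTokenForSharepointOnline(str, str2, url, 1);
            String requestedToken = SamlTokenUtils.getRequestedSecurityTokenFromSecurityTokenResponse(tokenResponse);
            return getHttpContextWithAccessToken(baseUrl, SamlTokenUtils.getValueFromXml(requestedToken, "BinarySecurityToken"));
        } catch (MicrosoftAuthenticationException e) {
            throw new ConnectionException(e.getMessage(), e);
        }
    }

    /**
     * Signs in through ADFS (claims-based authentication) and exchanges the token for a
     * SharePoint session.
     *
     * @param claimsLogin username, password, scope, STS URL and service URL for the ADFS request
     * @return the authenticated HTTP context
     * @throws ConnectionException wrapping any failure raised while fetching or posting the token
     */
    public HttpContext login(ClaimsLogin claimsLogin) throws ConnectionException {
        try {
            String adfsResponse = new AdfsAuthentication(this.httpClient).getTokenFromAdfs(claimsLogin.getUsername(), claimsLogin.getPassword(), claimsLogin.getScope(), claimsLogin.getStsUrl());
            String tokenBody = SamlTokenUtils.getValueFromXml(adfsResponse, "Body");
            return getHttpContextWithAccessToken(baseUrlOf(claimsLogin.getServiceUrl()), tokenBody);
        } catch (Exception e) {
            // Broad catch kept from the original: every failure surfaces as a ConnectionException.
            throw new ConnectionException(e.getMessage(), e);
        }
    }

    /**
     * Posts a security token to the site's sign-in endpoint and returns the context used for
     * that request, including the cookie store attached to it.
     *
     * <p>NOTE(review): the token goes to whatever scheme and host {@code baseUrl} names; nothing
     * here requires https or checks the host, so callers must pass a URL they trust.
     *
     * @param baseUrl scheme and authority of the SharePoint site, without a trailing slash
     * @param tokenBody request body carrying the token
     * @throws ConnectionException if building or executing the request raises an {@link IOException}
     */
    @NotNull
    private HttpContext getHttpContextWithAccessToken(String baseUrl, String tokenBody) throws ConnectionException {
        try {
            BasicHttpContext context = new BasicHttpContext();
            context.setAttribute("http.cookie-store", new BasicCookieStore());
            HttpPost signInRequest = new HttpPost(baseUrl + "/_forms/default.aspx?wa=wsignin1.0");
            signInRequest.setHeader("User-Agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)");
            signInRequest.setHeader(new BasicHeader("Content-Type", "application/x-www-form-urlencoded"));
            // StringEntity(String) encodes with the library's default charset; kept as in the original.
            signInRequest.setEntity(new StringEntity(tokenBody));
            // The handler's result is discarded; the returned context is what callers use afterwards.
            this.httpClient.execute(signInRequest, new FoundResponseHandler(), context);
            return context;
        } catch (IOException e) {
            throw new ConnectionException("Unable to obtain access token.", e);
        }
    }

    /**
     * Builds a context that offers NTLM credentials; no request is sent here.
     *
     * <p>NOTE(review): the credentials are registered under {@link AuthScope#ANY}, so they are
     * available for an authentication challenge from any host, port or realm reached with this
     * context. Scoping them to the SharePoint host would limit where they can be presented, but
     * the target host is not available in this method.
     *
     * @param ntlmLogin username, password and domain for the NTLM credentials
     * @return a context with the credentials provider attached
     */
    public HttpContext login(NtlmLogin ntlmLogin) {
        BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, new NTCredentials(ntlmLogin.getUsername(), ntlmLogin.getPassword(), ConnectorUtils.EMPTY, ntlmLogin.getDomain()));
        BasicHttpContext context = new BasicHttpContext();
        context.setAttribute("http.auth.credentials-provider", credentialsProvider);
        return context;
    }

    /**
     * Exchanges an already-issued security token for a SharePoint session.
     *
     * @param url SharePoint URL; only its scheme and authority are used for the token POST
     * @param str either the token itself or an XML document containing a
     *     {@code wsse:BinarySecurityToken} element, from which the token is extracted
     * @return the authenticated HTTP context
     * @throws ConnectionException if token extraction or the token POST fails
     */
    public HttpContext login(URL url, String str) throws ConnectionException {
        try {
            String baseUrl = baseUrlOf(url);
            String token = str;
            if (str.contains("wsse:BinarySecurityToken")) {
                token = SamlTokenUtils.getValueFromXml(str, "BinarySecurityToken");
            }
            return getHttpContextWithAccessToken(baseUrl, token);
        } catch (MicrosoftAuthenticationException e) {
            throw new ConnectionException(e.getMessage(), e);
        }
    }

    /**
     * Builds a context that offers username/password credentials for the Kerberos flow; no
     * request is sent here.
     *
     * <p>NOTE(review): as with NTLM, the credentials are registered under {@link AuthScope#ANY}
     * and are therefore not restricted to the SharePoint host.
     *
     * @param kerberosLogin username and password for the credentials
     * @return a client context with the credentials provider attached
     */
    public HttpContext login(KerberosLogin kerberosLogin) {
        BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(kerberosLogin.getUsername(), kerberosLogin.getPassword()));
        HttpClientContext context = HttpClientContext.create();
        context.setCredentialsProvider(credentialsProvider);
        return context;
    }
}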
